diod(8)                                    diod                                    diod(8)
NAME
diod - distributed I/O daemon
SYNOPSIS
diod [OPTIONS]
DESCRIPTION
diod is a 9P2000.L file server.
Configuration is read from the diod.conf (5) config file. Some configuration can be overridden on the command line, as described below.
OPTIONS
-r, --rfdno INT
-w, --wfdno INT
    Serve a connected client inherited on the specified read and write file descriptors. For a file descriptor that is connected bidirectionally, the two options may be set to the same value.
-l, --listen address
    Set the listen address. The address may be of the form HOST:PORT, IP:PORT, or /path/to/unix_domain_socket (default 0.0.0.0:564). IPv6 addresses must be enclosed in square brackets. This option may be specified more than once. It overrides the listen setting in diod.conf (5).
-t, --nwthreads INT
    Set the number of worker threads spawned to handle 9P operations for each unique aname. This option overrides the nwthreads setting in diod.conf (5). The default is 16.
-e, --export PATH
    Set the file system to be exported. This option may be specified more than once. It overrides the exports setting in diod.conf (5).
-E, --export-all
    Export everything in the server's /proc/mounts.
-o, --export-opts OPT[,OPT,...]
    Set global export options. This option overrides the exportopts setting in diod.conf (5).
-n, --no-auth
    Allow users to attach without security credentials. This option overrides the auth_required setting in diod.conf (5). See SECURITY below.
-H, --no-hostname-lookup
    Disable hostname lookups. This option overrides the hostname_lookup setting in diod.conf (5).
-N, --no-userdb
    Disable password and group database lookups. Any uid may attach; the server assumes gid = uid and that the supplementary groups contain only the primary gid. This option overrides the userdb setting in diod.conf (5).
-S, --allsquash
    Remap all users to the squash user. The attaching user need not be present in the server's password file. This option overrides the allsquash setting in diod.conf (5).
-U, --squashuser
    Set the squash user. The default is nobody. This option overrides the squashuser setting in diod.conf (5). Note: if diod is not run as root, its effective uid takes precedence over the squash user.
-u, --runas-uid UID
    Run the server as UID and only allow that user to attach. If invoked as root, diod sets its real and effective uid, gid, and supplementary groups to those belonging to UID.
-L, --logdest DEST
    Set the destination for logging. Possible destinations are stderr, stdout, or a file name. This option overrides the logdest setting in diod.conf (5).
-d, --debug MASK
    Set the debug mask. The bit values are:
        0x01  log decoded 9P protocol messages
-c, --config-file PATH
    Set the config file path.
SECURITY
diod optionally uses MUNGE for authentication. Briefly, a MUNGE credential is a user's uid and gid plus optional payload, encrypted using a secret shared between client and server, then base64 encoded.
The 9P2000.L authentication sequence with MUNGE looks like this:
    Tauth afid uname aname n_uname
    Rauth aqid
    Twrite afid offset count <munge cred>
    Rwrite count
    Tattach fid afid uname aname n_uname
    Rattach qid
    Tclunk afid
    Rclunk
Tauth and Twrite authenticate uname to the server on afid. If the server accepts the credential, that afid can then be presented in the Tattach to obtain access to the root of the file system represented by aname as the uname user. The server knows that all accesses to fids walked from the attachment fid are being performed by uname.
If authentication is disabled in the server, the Tauth may be skipped and an afid of -1 may be presented in the Tattach.
Note that even when authentication is enabled, the connection between client and server is not protected from eavesdropping or other attacks: MUNGE authenticates the attach, not the 9P traffic that follows it. It is best to use diod only on networks that are physically secure.
When the server is running as an unprivileged user, including when it starts as root but drops that capability because it is squashing all requests down to one user, all its file operations are performed as that user. This is the simplest and safest mode for diod to operate in from a security standpoint.
Multi-user support is intended to be paired with the Linux v9fs client and makes assumptions in the interest of correct functioning with v9fs that may be surprising, notably:
1. After Tattach is accepted for uname=root on a given connection, subsequent Tattach requests as other users on the same connection will be accepted without authentication (afid set to -1).
2. Server worker threads handling a request on behalf of a user call setfsuid (2) and setfsgid (2) to switch to the user's credentials. Supplementary groups are also loaded, but only if the server determines that it can do so in a thread-safe manner. A warning is issued at server startup if it cannot.
3. Server worker threads handling a request on behalf of a non-root user on a connection authenticated as root set CAP_DAC_OVERRIDE, CAP_CHOWN, and CAP_FOWNER. The v9fs client is assumed to be performing access checks. This largely works around complications that arise when supplementary groups cannot be loaded.
Since the v9fs client does not know how to authenticate with MUNGE, mount.diod (8) establishes the server connection and performs the authentication exchange and an initial Tattach as root, then passes the open file descriptor into the kernel with the mount (2) system call. The kernel v9fs client then re-introduces itself as root with afid set to -1. As noted above this Tattach and subsequent ones on this connection are accepted by the server by virtue of the initial authenticated root attachment.
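The authentication exchange above and the per-connection rule in note 1 (the one the mount.diod hand-off relies on), as an added example that is not diod's, MUNGE's or v9fs's code. It frames the messages with the standard 9P2000 layout (size[4] type[1] tag[2], little-endian, strings as len[2]+bytes) and message numbers, and drives them through a toy server that models only what this page states: a credential written to an afid proves a uid, a Tattach must present an afid proven for its n_uname, and an afid of -1 is refused while authentication is required until a root attach has been accepted on that connection, after which it is accepted for any user. Everything else is an assumption for illustration: the credential is a base64 HMAC-SHA256 stand-in rather than the MUNGE format (real MUNGE also encrypts), the shared secret, uids, fids, tags and the aname /export are constructed, and refusals come back as 9P2000.L Rlerror carrying EPERM.

```python
"""Added example, not diod's code: the Tauth/Twrite/Tattach exchange in 9P2000.L
framing against a toy server that models only the attach rules in diod(8).
Credential format, shared secret, uids, fids and tags are all constructed."""
import base64, errno, hashlib, hmac, struct

NOFID = 0xFFFFFFFF                      # afid = -1 on the wire
RLERROR, TAUTH, RAUTH, TATTACH, RATTACH = 7, 102, 103, 104, 105
TWRITE, RWRITE, TCLUNK, RCLUNK = 118, 119, 120, 121
SECRET = b"constructed-shared-secret"   # assumption: the secret a MUNGE deployment would share

def s9(text):                           # 9P string: len[2] + bytes
    return struct.pack("<H", len(text)) + text.encode()

def take_s(body, off):                  # inverse of s9 at body[off]; returns (str, next offset)
    n, = struct.unpack_from("<H", body, off)
    return body[off + 2:off + 2 + n].decode(), off + 2 + n

def msg(mtype, tag, body):              # 9P frame: size[4] type[1] tag[2] body
    return struct.pack("<IBH", 7 + len(body), mtype, tag) + body

def tauth(tag, afid, uname, aname, n_uname):
    return msg(TAUTH, tag, struct.pack("<I", afid) + s9(uname) + s9(aname) + struct.pack("<I", n_uname))
def tattach(tag, fid, afid, uname, aname, n_uname):
    return msg(TATTACH, tag, struct.pack("<II", fid, afid) + s9(uname) + s9(aname) + struct.pack("<I", n_uname))
def twrite(tag, fid, offset, data):
    return msg(TWRITE, tag, struct.pack("<IQI", fid, offset, len(data)) + data)
def tclunk(tag, fid):
    return msg(TCLUNK, tag, struct.pack("<I", fid))

def toy_cred(uid, gid, payload=b""):
    """Toy stand-in for a MUNGE credential: base64(uid:gid:payload || HMAC-SHA256 over it)."""
    blob = b"%d:%d:%s" % (uid, gid, payload)
    return base64.b64encode(blob + hmac.new(SECRET, blob, hashlib.sha256).digest())

def check_cred(cred):
    """(uid, gid, payload) if the MAC verifies under SECRET, else None."""
    raw = base64.b64decode(cred)
    blob, mac = raw[:-32], raw[-32:]
    if not hmac.compare_digest(mac, hmac.new(SECRET, blob, hashlib.sha256).digest()):
        return None
    uid, gid, payload = blob.split(b":", 2)
    return int(uid), int(gid), payload

class Conn:                             # one client connection of the modelled server
    def __init__(self, auth_required=True):
        self.auth_required = auth_required
        self.pending = {}               # afid -> uid claimed in Tauth
        self.proven = {}                # afid -> uid proven by the credential written to it
        self.root_attached = False      # multi-user note 1: a root attach unlocks afid=-1

    def handle(self, pkt):
        mtype, tag = struct.unpack_from("<BH", pkt, 4); body = pkt[7:]
        if mtype == TAUTH:
            afid, = struct.unpack_from("<I", body)
            _, off = take_s(body, 4); _, off = take_s(body, off)      # skip uname, aname
            self.pending[afid] = struct.unpack_from("<I", body, off)[0]
            return msg(RAUTH, tag, bytes(13))                          # aqid: type[1] version[4] path[8]
        if mtype == TWRITE:
            fid, offset, count = struct.unpack_from("<IQI", body)
            cred = check_cred(body[16:16 + count]) if fid in self.pending else None
            if cred is None or cred[0] != self.pending[fid]:           # bad MAC, or uid differs from Tauth
                return msg(RLERROR, tag, struct.pack("<I", errno.EPERM))
            self.proven[fid] = cred[0]
            return msg(RWRITE, tag, struct.pack("<I", count))
        if mtype == TATTACH:
            fid, afid = struct.unpack_from("<II", body)
            _, off = take_s(body, 8); _, off = take_s(body, off)      # skip uname, aname
            n_uname, = struct.unpack_from("<I", body, off)
            if afid == NOFID:
                if self.auth_required and not self.root_attached:      # no credential, no prior root attach
                    return msg(RLERROR, tag, struct.pack("<I", errno.EPERM))
            elif self.proven.get(afid) != n_uname:                     # afid unproven, or proven for another uid
                return msg(RLERROR, tag, struct.pack("<I", errno.EPERM))
            self.root_attached |= n_uname == 0                         # root attach unlocks the connection
            return msg(RATTACH, tag, bytes(13))
        if mtype == TCLUNK:
            fid, = struct.unpack_from("<I", body)
            self.pending.pop(fid, None); self.proven.pop(fid, None)
            return msg(RCLUNK, tag, b"")
        return msg(RLERROR, tag, struct.pack("<I", errno.ENOSYS))

def ok(reply): return reply[4] != RLERROR

def run_exchange():
    """Replay the mount.diod pattern plus three refusals; returns what the server decided."""
    c, out = Conn(), {}
    out["nofid_before_root"] = ok(c.handle(tattach(1, 10, NOFID, "alice", "/export", 1000)))
    out["tauth"] = ok(c.handle(tauth(2, 1, "root", "/export", 0)))                       # mount.diod, as root
    out["twrite_good"] = ok(c.handle(twrite(3, 1, 0, toy_cred(0, 0))))
    out["attach_root"] = ok(c.handle(tattach(4, 2, 1, "root", "/export", 0)))
    out["clunk"] = ok(c.handle(tclunk(5, 1)))
    out["nofid_root_after"] = ok(c.handle(tattach(6, 3, NOFID, "root", "/export", 0)))     # kernel v9fs re-attach
    out["nofid_alice_after"] = ok(c.handle(tattach(7, 4, NOFID, "alice", "/export", 1000)))  # note 1 in action
    c2 = Conn(); c2.handle(tauth(8, 5, "root", "/export", 0))
    out["wrong_uid_cred"] = ok(c2.handle(twrite(9, 5, 0, toy_cred(1000, 1000))))          # cred for another uid
    raw = bytearray(base64.b64decode(toy_cred(0, 0))); raw[0] ^= 1                      # flip one bit of the uid
    out["tampered_cred"] = ok(c2.handle(twrite(10, 5, 0, base64.b64encode(bytes(raw)))))
    return out
```

Running run_exchange() shows the first afid=-1 attach refused, the authenticated root attach accepted, and the later afid=-1 attaches for root and for uid 1000 accepted on that same connection, which is exactly why the page warns that a root attach unlocks the connection for other users. The two credential refusals show that the uid proven by the credential, not the uname string in the Tattach, is what gates the attach.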
FILES
/usr/sbin/diod
/etc/diod.conf
SEE ALSO
diod.conf (5), mount.diod (8), hosts_access (5)
1.1.0                                      diod